Data Security: The Issues and its Proposed

Solutions in Cloud Computing.

various services over the network or the
net to satisfy user's needs.
Rakshanda Kale
MCA
MIT-WPU’s School of Management (PG), Prof. Dr. Minesh Ade
Pune, India Professor MCA
[email protected] MIT-WPU’s School of Management (PG),
Pune, India
I. ABSTRACT [email protected]

Cloud computing is about of resources Cloud computing is one in every of hot

and services offered through the web. topic within the field of
The ascent in field of “cloud knowledge Technology presently.
computing” conjointly will However, cloud computing faces many
increase severe security considerations. critical issues. Bear the brunt of them is data
Data security has systematically been a security, which has become an important
serious issue in data Technology. In the factor restricting the development of cloud
cloud computing atmosphere, it computing. As cloud
becomes significantly serious as a result services knowledge was hold on within
of the info is found in numerous the pc that don't closely held or operated by
places around the globe. Data security users, this leads to data security issues, and
and privacy protection are the two main easily drifted away from the user's control.
factors of [1]. Cloud computing brings a few attributes
user's considerations concerning the that require special attention when it comes to
cloud technology. Data security is one in trusting the system. The trust of the entire
all  the leading considerations and system depends on the data protection and
first challenges for cloud computing. This prevention techniques used in it.
study is to review different data security Numerous totally different tools and
and privacy protection for the techniques are tested and introduced by the
trustworthy cloud environment. In this researchers for knowledge protection
paper, we make a research analysis of the and interference to realize and take away the
existing research work regarding the data hurdle of trust however their square measure
security and proposed solution in the still gaps which need attention and are
cloud computing. Some data security required to be lined up by making these
issues in Cloud Computing are Data techniques much better and effective.  [2].
Breaches, Account Hijacking/ The meaning of security is plentiful. Security
Maintenance, Data locality, VM security is the combination of confidentiality, the
and threat etc. prevention of the unauthorized disclosure of
information, integrity, the prevention of the
Keyword— Cloud Computing, Cloud unauthorized amendment or deletion of
Computing Security, Data Security. information, and availability, the prevention of
unauthorized withholding of information.

II. INTRODUCTION The meaning of security is plentiful. Security

is the combination of confidentiality, the
Cloud is associate surroundings of the prevention of the unauthorized disclosure of
hardware and code resources within information, integrity, the prevention of the
the knowledge centres that offer unauthorized amendment or deletion of
information, and availability, the prevention of
unauthorized withholding of information.
 The service is economical and most of the
time some space is allotted for free [3].
The main features of cloud computing are –
To better understand cloud computing, we
1.On Demand Self-Service – must understand its service and deployment
It is one in all the necessary and models.
valuable options of Cloud The rapidly expanding world of cloud
Computing because computing is rife with cryptic acronyms and
the user will ceaselessly monitor the abbreviations.
server period, capabilities,
and assigned network storage. ‘SaaS’, ‘PaaS’, and ‘IaaS’ are 3 of the
With this feature, the user also can monitor foremost ordinarily used acronyms within
the computing capabilities [3]. the cloud sector, and for good reason [4].

2.Easy Maintenance- 1.IaaS (Infrastructure as a Service)-

The servers square In IaaS, IT infrastructures, such as processing,
measure simply maintained, and also storage, networks, and other fundamental
the time period is incredibly low and even in computing resources, are delivered as a service
some cases, there's no time period. to the consumer. In this sense, consumer can
Cloud Computing comes up with associate deploy and run arbitrary applications and
degree update when by step by operating systems. This model makes
step creating it higher. consumers only pay for what they use.
The updates square
measure additional compatible with the 2.SaaS (Software as a Service)-
devices and perform quicker than older In SaaS, the cloud consumers deliveries
ones in conjunction with the their applications as a service over the net
bugs that square measure fastened [3]. on a hosting environment, which can be
accessed from various user clients.
3.Availibilty- Users rent the software system rather
The capabilities of the Cloud may than shopping for it, that brings a lot
be changed as per the utilization and may be of selections and economical expense [5].
extended plenty. It analyses the storage
usage and allows the user to buy extra cloud 3.PaaS (Platform as a Service)-
storage if needed for a very small amount In PaaS, the consumer can create their cloud
[3]. services and applications directly on a
development environment or platform with
4.Security- tools offered by the platform provider. They
Cloud security is one in all the then can run and deploy these applications
simplest options of cloud computing. with full control. This model makes companies
It creates a pic of the information hold on in do not consider about software management
order that the information might on servers.
not stray though one in all the servers
gets broken. Cloud Computing Data Security Issues-
The data is hold on inside the storage
devices, that cannot be hacked
and utilised by the other person.
The storage service is quick and reliable [3].

5.Pay as you go-

In cloud computing, the user must pay only
for the service or the space they have
utilized.
There is no hidden or further charge that is
to be paid.
 b. Cloud service models with multiple tenants
sharing the same infrastructure.
c. Data mobility and legal issues relative to
such government rules as the EU Data Privacy
Directive.
d. Lack of standards about how cloud service
providers securely recycle disk space and erase
existing data.
e. Auditing, reporting, and compliance
concerns.
f. Loss of visibility to key security and
operational intelligence that no longer is
 Data Security- available to feed enterprise IT security
Data at rest which means data stored in cloud intelligence and risk management.
and Data in transit which means data that is
moving in and out of the cloud[6]. Some Data security issues in Cloud
Te Data at Rest which means the data stored Computing are as follows-
in the cloud
and Data in Transit which means data that is 1. Data Breach-
moving in and out Problem: It mainly violates two security
of the cloud. Confidentiality, and Integrity properties of data: Integrity and
of data is based confidentiality. Integrity refers to protecting
upon the nature of data protection data from unauthorized deletion,
mechanisms, procedures, modification or fabrication.
and processes. The most significant matter is Confidentiality refers
the exposure of to solely licensed parties or systems
data in above mentioned two states. having the flexibility to access the
Data at Rest which means the data stored in protected information.
the cloud In a SaaS model the user’s information is
and Data in Transit which means data that is especially keep and processed at the
moving in and out SaaS merchant finish, so the data is at the
of the cloud. Confidentiality, and Integrity risk of breach.
of data is based The breach behaviour may come from inside
upon the nature of data protection employee who operates the data
mechanisms, procedures, intentionally or unintentionally, or from
and processes. The most significant matter is outside malicious hacker. Consequently, the
the exposure of SaaS vendor should take measures to
data in above mentioned two states. prevent breaches of the users’ data.
Data breaches effect all three service models
Data at Rest which means the data stored in (IaaS, PaaS, and SaaS).
the cloud Solution: There area unit some common
and Data in Transit which means data that is solutions to stay information integrity and
moving in and out confidentiality, like using sturdy secret
of the cloud. Confidentiality, and Integrity writing mechanisms like AES and
of data is based DES below the management of common
upon the nature of data protection PKI infrastructure.
mechanisms, procedures, However, it introduces a heavy computation
and processes. The most significant matter is overhead on the data owner for data
the exposure of management and key distribution when
data in above mentioned two states. desiring fine-grained data access control.
There square This issue can be addressed by combining
measure advanced information security techniques of attribute-based encryption,
challenges within the cloud [7]- proxy re-encryption, and lazy re-encryption.
a. The need to protect confidential business, In addition, a client’s operation of searching
government, or regulatory data.
data on the cloud makes the data be in
danger [8].
2. Data Remanence-
Problem: Data remanence is the residual
representation of data that have been in
some way nominally erased or removed.
In private cloud it causes negligible security
threats, but publically cloud it will cause
severe security problems owing to the
open surroundings, particularly in AN IaaS
model [9].
Solution: One of the propositions is to encrypt
the data and shred the key, making device
management become a pivotal function.
3.Data locality-
Problem: In a SaaS model of a cloud
environment the customer does not know
where the data is stored, which may be an
issue. To avoid the leak of
probably sensitive data, information privacy
laws in several countries like some EU
countries forbid some sorts
of information to depart the country, which
makes locality of data be an extremely
important consideration in many enterprise
architectures.
Solution: The issue should be solved by
creating secure SaaS model which can provide
reliability to the customer on the location of
the data of the consumer.
III. LITERATURE REVIEW
As more workloads move to the cloud and
organizations adopt PaaS to further accelerate
development lifecycles, it’s no surprise that
43% of cybersecurity professionals struggle
with even basic visibility into infrastructure
security.
Beyond that, given the continued
misunderstanding of what organizations must
manage and secure combined with the highly
disruptive, dynamic nature of the cloud it can
be near-impossible to quantify risk and
respond effectively.
In 2011 Venkata Sravan et.al wrote a paper
titled Security Techniques for Protecting Data
in Cloud. The aim of this paper is to
understand the security threats and identify the
appropriate security techniques used to
mitigate them in Cloud computing. The
research identified a total number of 43
security challenges and 43 security techniques.
The most measured attribute is Confidentiality
(31%) followed by Integrity (24%) and
Availability (19%) [10].
In 2014 Sudhansu Ranjan Lenka et.al wrote
a paper titled “Enhancing Data Security in
Cloud Computing using RSA Encryption and
MD5 Algorithm. As the title of the paper
suggests; they implemented both RSA
Algorithm and MD5 Algorithm. In this paper,
the RSA Algorithm is used for secured
communication and file encryption and
decryption purpose whilst MD5 Algorithm is
used for digital signature as well as covering
the tables for unauthorized users. The two-
algorithm proposed provides the three aspects
of security which are Confidentiality, Integrity
and Availability [13].
In 2014 Afnan Ullah Khan proposed a
technique known as Access Control and Data
Confidentiality (ACDC) in his paper titled
Data Confidentiality and Risk Management in
Cloud Computing. The aim of the paper was
to develop a novel scheme that would enforce
access control policies on cloud computing
scenarios. He used a scenario in
Medical/Health care where he came out with
the following compositions; Data Owner
(Medical centre), Data Consumers (patients,
nurses, doctors etc.), Infrastructure Provider
and Trusted Authority. The paper focused on
Infrastructure as a Service as its deployment
model whereas data confidentiality and
authentication were achieved through the
proposed technique [12].
In 2016 Sarojini et.al proposed a technique
known as Enhanced Mutual Trusted Access
Control Algorithm (EMTACA). This
technique presents a mutual trust for both
cloud users and cloud service providers to
avoid security related issues in cloud
computing [11]. The aim of this paper is to
propose a system which include EMTACA
algorithm which can assure enhanced
guaranteed and trusted and reputation-based
cloud services among the users in a cloud
environment. The results of this papers how
data confidentiality, integrity and availability
which is the three most important aspect of
data security was achieved.
In 2011 Venkata Sravan et.al wrote a paper
titled Security Techniques for Protecting Data
in Cloud. The
aim of this paper is to understand the security
threats and identify the appropriate security
techniques
used to mitigate them in Cloud computing
[2]. The research identified a total number of
43 security
challenges and 43 security techniques. The
most measured attribute is Confidentiality
(31%) followed
by Integrity (24%) and Availability (19%)
In 2011 Venkata Sravan et.al wrote a paper
titled Security Techniques for Protecting Data
in Cloud. The
aim of this paper is to understand the security
threats and identify the appropriate security
techniques
used to mitigate them in Cloud computing
[2]. The research identified a total number of
43 security
challenges and 43 security techniques. The
most measured attribute is Confidentiality
(31%) followed
by Integrity (24%) and Availability (19%)
In 2011 Venkata Sravan et.al wrote a paper
titled Security Techniques for Protecting Data
in Cloud. The
aim of this paper is to understand the security
threats and identify the appropriate security
techniques
used to mitigate them in Cloud computing
[2]. The research identified a total number of
43 security
challenges and 43 security techniques. The
most measured attribute is Confidentiality
(31%) followed
by Integrity (24%) and Availability (19%)
In 2011 Venkata Sravan et.al wrote a paper
titled Security Techniques for Protecting Data
in Cloud. The
aim of this paper is to understand the security
threats and identify the appropriate security
techniques
used to mitigate them in Cloud computing
[2]. The research identified a total number of
43 security
challenges and 43 security techniques. The
most measured attribute is Confidentiality
(31%) followed
by Integrity (24%) and Availability (19%)
In 2014 Sudhansu Ranjan Lenka et.al wrote
a paper titled “Enhancing Data Security n
Cloud
Computing using RSA Encryption and
MD5 Algorithm. As the title of the
paper suggests; they
implemented both RSA Algorithm and MD5
Algorithm. In this paper, the RSA Algorithm
is used for
secured communication and file encryption
and decryption purpose whilst MD5 Algorithm
is used for
digital signature as well as covering the tables
for unauthorized users [6]. The two algorithm
proposed
provides the three (3) aspects of security
which are Confidentiality, Integrity and
Availability
Sudhansu Ranjan Lenka et.al wrote a
paper titled “Enhancing Data Security in
Cloud
Computing using RSA Encryption and
MD5 Algorithm. As the title of the
paper suggests; they
implemented both RSA Algorithm and MD5
Algorithm. In this paper, the RSA Algorithm
is used for
secured communication and file encryption
and decryption purpose whilst MD5 Algorithm
is used for
digital signature as well as covering the tables
for unauthorized users [6]. The two algorithm
proposed
provides the three (3) aspects of security
which are Confidentiality, Integrity and
AvailabilitIn 2014 Sudhanshu Ranjan Lenka
et.al wrote a paper titled “Enhancing Data
Security in Cloud Computing using RSA
Encryption and MD5 Algorithm. As the title of
the paper suggests; they implemented both
RSA Algorithm and MD5 Algorithm. In this
paper, the RSA Algorithm is used for secured
communication and file encryption and
decryption purpose whilst MD5 Algorithm is
used for digital signature as well as covering
the tables for unauthorized users. The two-
algorithm proposed provides the three aspects
of security which are Confidentiality, Integrity
and AvailabilityIn 2016 Sarojini et.al proposed
a technique known as Enhanced Mutual
Trusted Access Control Algorithm
(EMTACA). This technique presents a mutual
trust for both cloud users and cloud service
providers to avoid security related issues in
cloud computing [10]. The aim of this paper is
to propose a system which include EMTACA
algorithm which can assure enhanced
guaranteed and trusted and reputation-based
cloud services among the users in a cloud
environment [10]. The results of this papers
how data confidentiality, integrity and
availability which is the three most important
aspect of data security was achieved.In 2017,
Dimitra A. Georgiou wrote a paper to present
security policies for cloud computing. The
purpose of the security policies is to protect
people and information, set rules for expected
behaviour by users, minimize risks and help to
track compliance with regulation. The paper
focused on Software as a Service. The paper
presented a detailed review and analysis of
existing studies as far as security is concern in
cloud computing. With Dimitra’s review of
existing threat, he focused on the once that are
not applicable to conventional systems. To be
able to identify new rules that supposed to be
integrated in the cloud policy, a methodology
was proposed for assessing different threats in
the cloud. This paper scrutinized the security
requirements of a cloud service provider
taking into consideration a case study of E-
health system of Europe.In 2013 Nabil Giweli
proposed a solution-based approach referred
as Data Centric Security approach. This
approach aims at providing security at the
data level hence the data are self-describing,
self-defending and self-protecting during their
lifecycle in the cloud environments. This
approach gives the entire responsibility to the
data owner to set and manage the data
privacy and security measures. This proposed
solution is based on Chinese Remainder
Theorem (CRT) and it utilizes symmetric and
asymmetric encryption techniques. In this
paper, the proposed solution is proven to be
very efficient as it does not require complex
key derivation methods and the data file does
not need to be encrypted more than once.
Challenges Observed In Literature Review
Few challenges or issues that were identified
during reading and analysing the research
papers have been outlined below;
1.Some of the research papers focused their
implementation on Platform as a service and
Software as a service leaving Infrastructure as
a service behind.
2.Other papers also concentrated on data
Confidentiality without considering Integrity,
non-repudiation and authenticity.
3.Few of the papers were theoretical based
meaning actual practical implementation was
not done.
4.In other papers, though the technique
proposed seams reliable, but it looks weird,
complicated and cumbersome to implement.
5.Some proposed techniques were also not
experimentally validated like the Access
Control and Data Confidentiality (ACDC).
IV. CONCLUSION
Cloud Computing is the delivery of computing
services; servers, storage, databases,
networking, software, analytics, intelligence
and more over the internet to offer faster
innovation, flexible resources and economies
of scale. Cloud computing is an emerging
social phenomenon that is been patronize by
individuals almost every day. For any
important emerging technology, it comes with
its own issues that hinder its adoption.
currently, cloud computing is seen as a fast-
developing area that can instantly supply
extensible service by using internet with the
help of hardware and software virtualization.
The phenomenon of Cloud Computing is very
promising which ensures businesses increase
efficiency alongside reducing their cost of
production. Data protection and security in
cloud computing is still crawling on its knees
and needs more research attention although it
has been deployed and used in production
environment. Data Security in Cloud
Computing is an important area that should be
given much attention. Large amount of data
these days circulate in the cloud which has
given room for intruders and eaves droppers to
try and get hold of them. It is therefore
essential, for vigorous study on how to
propose and implement robust and functioning
security mechanism that will prevent hackers
from getting access to the data being
transmitted to and for in the cloud. Based on
the information presented in this study,
through the analysis of various papers and the
insight gotten from the implementation of the
proposed techniques, it is realized that
majority of the paper give much attention to
data confidentiality whilst few papers satisfy
the three aspect of security; Confidentiality,
Integrity and Availability [14].
V. REFERENCES
 Journal of Computer Science Trends and
[1]https://www.scribd.com/document/22321 Technology (IJCST) – Volume 2, Issue 3, June
9887/270497222-06755112 2014.
[2]. https://docplayer.net/3844202-Data- [14].https://www.youtube.com/watch?
protection-techniques-for-building-trust-in- v=rnS3K5MmcHY
cloud-computing.html
[3]. https://data-flair.training/blogs/features-of-
cloud-computing/
[4]. https://doublehorn.com/saas-paas-and-
iaas-understanding/
[5].https://www.scribd.com/document/38429
7109/41-1511245079-21-11-2017-pdf
[6].https://www.scribd.com/document/36515
5509/amc-27

[7].http://datasecurityyobosei.blogspot.com/
2017/02/customer-data-security.html

[8].https://lpuguidecom.files.wordpress.com
/2016/10/17783_int309-cloud-
computing.pdf

[9].https://www.academia.edu/5914072/Sec
urity_Issues_of_Cloud_Computing_and_Im
pacts_to_Enterprises .

[10]. Venkata S. et.al (2011) Security

Techniques for Protecting Data in Cloud
Computing, 12 Jan 2019 [Online] Available:
https://www.bth.se/com

[11]. Sarojini G. et.al (2016) Trusted and

Reputed Services using Enhanced Mutual
Trusted and Reputed Access Control
Algorithm in Cloud, 2nd International
Conference on Intelligent Computing,
Communication & Convergence (ICCC-2016).
www.sciencedirect.com13.

[12]. Afnan U.K. (2014) Data Confidentiality

and Risk Management in Cloud Computing 2
Feb 2019 [Online] Available:
https://www.ethesis.whiterose.ac.uk/13677/1
/Thesis_Final_Afnan _27072016_ EngD.pdf10.
Sarojini G. et.al (2016) Trust.

[13]. Sudhansu R. L. et.al Enhancing Data

Security in Cloud Computing Using RSA
Encryption and MD5 Algorithm, International